Ghosty VPN – Specific Privacy Notice

This document supplements the General Privacy Policy and describes privacy practices specific to the Ghosty VPN service.

Last Updated: 17 April 2026

Our privacy documentation is divided into two documents for clarity:

General Privacy Policy
Ghosty VPN – Specific Privacy Notice (this document)

1. Our No-Logs Approach (What We Do NOT Log)

Ghosty VPN is designed with a “no-logs” approach for VPN traffic. We do not log or store:

  • Browsing history or websites visited through the VPN
  • DNS queries linked to an identifiable user
  • The contents of your traffic
  • VPN session timestamps/duration as a historical activity record
  • Files downloaded through the VPN

This “no-logs” approach applies specifically to VPN traffic and does not affect limited data processing carried out in other parts of the Service (such as account management, billing, and support), as described in our General Privacy Policy.

2. Minimal Technical Data Processed to Operate the VPN

To operate the VPN reliably and securely, limited technical data is processed.

2.1 Data temporarily processed on VPN servers

  • Active connection IP addresses (processed in memory while connected and erased upon server restart).
  • Data volume and transfer rates per active connection (without logging destinations or websites visited).
  • System usage statistics (e.g., CPU load, network utilization), retained for a limited period (e.g., up to 30 days) to maintain service stability and security.

This data is used for operational integrity, capacity planning, abuse detection at a system level, and troubleshooting.

2.2 Web application operational logs (separate from VPN traffic)

Our web application (account/login/subscription management) may retain limited operational logs (such as IP addresses and user agents) for a limited time (e.g., up to 14 days) to protect accounts, prevent fraud and abuse (including in connection with billing and refund requests), and ensure service reliability. These logs are not VPN traffic logs and do not reveal websites visited through the VPN.

3. In-App Diagnostic and Event Data (Application Layer)

The Ghosty VPN application may process limited diagnostic and event data to ensure functionality and improve performance, such as:

  • Successful login events
  • Connection attempts and connection status
  • App errors and crash diagnostics
  • Feature usage in aggregated form (e.g., which settings are used most often)

Where possible, we minimize this data and aim to keep it anonymized or pseudonymized and separate from VPN traffic. Where required by applicable law, we will obtain your consent before enabling optional analytics or diagnostics. You can opt out via application settings (where available).

4. Feature-Specific Notes

4.1 Threat Protection / Tracker Blocking

If you enable threat protection or tracker blocking, requests may be evaluated in real time to determine whether to block ads, trackers, malicious domains, or malware. We do not store your browsing history as part of this feature. Where retained, only aggregated statistics may be kept for service improvement, and users may be able to opt out where available.

4.2 Encryption and Security Protections

We use modern, industry-standard cryptographic protections to secure VPN connections and protect data in transit. The specific protocols and cipher suites may vary depending on the platform, device, and configuration, and may include widely adopted algorithms such as ChaCha20-Poly1305 and/or AES in secure authenticated modes.

5. Retention

Unless a different period is stated above:

  • System Logs (CPU, network usage): Stored for up to 30 days to optimize server performance and maintain service security.
  • Threat Protection Data: Only aggregated statistics are retained, and users can opt out.
  • Active connection IP addresses: stored in memory and erased upon server restart.

6. Minors

Ghosty VPN is not directed to children. Where minors are permitted to use the Service, they may do so only in accordance with the age requirements and parental/guardian consent conditions described in our EULA and General Privacy Policy. We apply the same data minimization approach described in this Notice to all users, including minors.

7. Server Locations

Ghosty VPN may operate servers in multiple regions to provide connectivity and performance. Minimal technical data (as described in this Notice) may be processed on the server location you connect to. We apply the same data protection principles and safeguards regardless of server region.

8. Contact

If you have questions about this Specific Privacy Notice, contact: [email protected]

Scroll to Top